#!/bin/bash

# 关闭SELinux的Permissive模式，即不强制执行但记录违规行为
setenforce 0
 
# 永久关闭SELinux，需要重启生效
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# install acme
git clone https://gitee.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install -m 374494848@qq.com
cd ..

# issur cert
"/root/.acme.sh"/acme.sh --issue -d tech.js.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/6hr48eb3ah5y4g643hjr
"/root/.acme.sh"/acme.sh --issue -d www.tech.js.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/6hr48eb3ah5y4g643hjr

"/root/.acme.sh"/acme.sh --issue -d itdj365.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/6hr48eb3ah5y4g643hjr
"/root/.acme.sh"/acme.sh --issue -d www.itdj365.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/6hr48eb3ah5y4g643hjr

# deploy acme
"/root/.acme.sh"/acme.sh --install-cert -d tech.js.cn \
	--fullchain-file /root/ztools-deploy/cn.js.tech_bundle.pem \
	--key-file       /root/ztools-deploy/cn.js.tech.key  

"/root/.acme.sh"/acme.sh --install-cert -d www.tech.js.cn \
	--fullchain-file /root/ztools-deploy/cn.js.tech.www_bundle.pem \
	--key-file       /root/ztools-deploy/cn.js.tech.www.key 

"/root/.acme.sh"/acme.sh --install-cert -d itdj365.cn  \
	--fullchain-file /root/ztools-deploy/cn.itdj365_bundle.pem \
	--key-file       /root/ztools-deploy/cn.itdj365.key  

"/root/.acme.sh"/acme.sh --install-cert -d www.itdj365.cn  \
	--fullchain-file /root/ztools-deploy/cn.itdj365.www_bundle.pem \
	--key-file       /root/ztools-deploy/cn.itdj365.www.key  

# install nginx
apt install -y nginx

sed -i 's/^user www-data;/user root;/' /etc/nginx/nginx.conf

rm /etc/nginx/sites-enabled/default
cp -f ztools-deploy/*.conf /etc/nginx/conf.d/

mkdir -p www/itmkt
apt install -y unzip
unzip ztools-deploy/itmkt.zip -d www/itmkt

mkdir -p beshop
tar -xf ztools-deploy/beshop.tar -C beshop/

nginx -t

systemctl start nginx
systemctl restart nginx
systemctl enable nginx

mkdir -p frp
tar -xf ztools-deploy/frps.tar -C frp/
cp -f frp/frps.service /etc/systemd/system/

systemctl daemon-reload
systemctl start frps
systemctl enable frps
